CVE-2023-33952

Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects

CVSS 6.7 MEDIUMEPSS 0.5%CWE-415

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.7EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

24 jul 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat · Red Hat Enterprise Linux 9 Red Hat · Red Hat Enterprise Linux 9.2 Extended Update Support

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:4823 https://access.redhat.com/errata/RHSA-2024:4831 https://access.redhat.com/security/cve/CVE-2023-33952 https://bugzilla.redhat.com/show_bug.cgi?id=2218212 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292